interesting feature on AMIX..
Frank J. Edwards
crash at ckctpa.UUCP
Sat Jun 22 06:11:19 AEST 1991
In article <426 at hfsi.UUCP> emcphers at manu.cs.vt.edu (Frank McPherson) writes:
>
>If you restrict the mounting to floppies on a specific subtree, it's not
>that much of a security hole. For example, you could write a small
>program which would be called by a student which would mount a floppy
>disk residing in the internal disk drive to /sony, or something similar.
>That is, in fact, what is done at Virginia Tech. What we've got down
>there is a computer lab with four or five 3000UXD's which get used by
>many students. In order to avoid filling up the drives on the UXD's,
>we (the students) have to bring in a floppy which we use as our own
>personal travelling file system. It works out pretty well in the end.
You could have other problems "in the end!" ;-)
Suppose I make a floppy on my machine and put a copy of ksh on it. Then
I make that ksh set-uid to root and mount it on your system. I execute
that ksh and viola! I get the "#" prompt...
>- Frank McPherson INTERNET: emcphers at manu.cs.vt.edu -
Actually, the solution presented by Steve Warren is much sturdier: the
same script would search the inodes looking for set-uid programs. If
any were found, the disk would not be mounted.
The "ncheck" command has an option, -s, which looks for set-uid files on
the given media. It does not limit the output to any particular user ID,
however.
*** WARNING WILL ROBINSON ***
NOTE: you can't mount the disk and run find!! Once you mount it,
the user could access his set-uid program before the find command located
the problem. Especially easy to do if you know that find looks through
directory blocks sequentially...
Anyway, maybe I'll write a script for this, but don't hold your breath ;-)
Good luck.
--
Frank J. Edwards | "I did make up my own mind -- there
2677 Arjay Court | simply WASN'T ANY OTHER choice!"
Palm Harbor, FL 34684-4504 | -- Me
Phone (813) 786-3675 (voice) | Only Amiga Makes It Possible...
More information about the Comp.unix.amiga
mailing list